Container-Optimized OS Release Notes: Milestone 125


August 18, 2025

cos-beta-125-19216-0-12

Kernel        Docker    Containerd   GPU Drivers
COS-6.12.41   v27.5.1   v2.1.3       See List

Updated containerd to v2.1.3.

Updated the NVIDIA GPU driver policy for New Feature Branch (NFB) drivers. The LATEST tag has been updated to point to the stable 570.133.20 Production Branch. The 575.57.08 NFB driver remains available for development and testing but must now be selected by its specific version number. Removed 575.57.08 NFB driver support for NVIDIA_GB200 machines.

Upgraded nvidia-container-toolkit to v1.17.8. This fixes CVE-2025-23266.

Updated cos-gpu-installer to v2.5.5.

Upgraded the Linux kernel to version 6.12.

Upgraded dpdk-kmods to 9b182be2ee4b.

Added support for 7th generation TPU devices.

Patched a null pointer exception bug in the NVIDIA 570.124.06 OSS driver.

Changed iptables-restore.service to start after ipset.service.

Fixed an issue that resulted in missing grub boot measurements in some machine configurations.

Updated Python to v3.11.

Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.

Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.

Upgraded cloud-init to v24.4.1.

Backported support for AMD SEV-SNP SVSM vTPM driver and configfs-tsm addition for extended attestation protocol.

Added ARM support for the Lustre v2.14.0 drivers.

Added NVIDIA 570.133.20 vGPU driver.

Added support for NVIDIA driver version 575.57.08. Added support for NVIDIA_RTX_PRO_6000 devices.

Added support for NVIDIA MFT Tools on COS.

Injected IMEX channel char device for GB200 GPUs.

Fixed an issue in containerd that potentially breaks metric collection.

Fixed an issue in containerd that prevented some v2 shims from shutting down properly.

Added support for NVIDIA GB200 GPU with 570.124.06 GPU driver. This driver version has been assigned the latest, default, and R570 tags for this GPU type.

Added support for iRDMA devices.

Updated cos-gpu-installer to v2.4.8: Added the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during GPU driver installation.

Applied Intel patches to add iRDMA support in the Linux kernel.

Removed an artifact registry ping that would delay multi-user.target indefinitely for machines with no external IP address.

Reverted a containerd change which reduced the default soft file descriptor limit for processes in containers to 1024.

Upgraded app-admin/google-guest-configs to v20250718.00.

Added support for the Lustre 2.14.0_p212 drivers.

Fixed a Docker MTU mismatch.

Increased kdump memory reservation.

Fixed an issue where modinfo could not display module signatures.

Upgraded app-admin/google-guest-agent to v20250418.00.

Upgraded sys-apps/makedumpfile to v1.7.7.

Modified toolbox to use unified cgroup hierarchy mode instead of hybrid mode when possible.

Upgraded app-containers/docker-credential-helpers to v0.9.3.

Fixed an EINTR error in app-container/cni-plugins.

Upgraded sys-auth/pambase to v20250228.

Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.

Upgraded app-containers/runc to v1.2.5, Upgraded app-containers/runc-test to v1.2.5.

Upgraded app-admin/node-problem-detector to v0.8.20.

Upgraded app-admin/fluent-bit to v3.2.5.

Upgraded chromeos-base/google-breakpad to v2025.07.23.214511-r244.

Upgraded chromeos-base/minijail to v18-r168.

Upgraded dev-libs/openssl to 3.5.1.

Upgraded dev-lang/go to v1.23.11.

Upgraded chromeos-base/shill-client to v0.0.1-r4879.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r667.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2830.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2969.

Upgraded chromeos-base/debugd-client to v0.0.1-r2734.

Upgraded sys-apps/rootdev to v0.0.1-r51.

Upgraded sys-apps/dbus to v1.16.2-r197.

Upgraded app-benchmarks/microbenchmarks to v0.0.1-r20.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2480.

Updated dev-python/requests to v2.32.4.

Upgraded net-misc/openssh to 10.0_p1.

Upgraded dev-db/sqlite to v3.50.3.

Upgraded virtual/logger to v0-r2.

Upgraded sys-apps/pv to v1.9.34.

Upgraded app-admin/sudo to v1.9.17_p2.

Upgraded sys-process/lsof to v4.99.5.

Updated app-misc/jq to v1.8.1.

Upgraded sys-apps/less to v679.

Upgraded sys-process/procps to v4.0.5-r2.

Upgraded sys-libs/libcap to v2.76.

Upgraded sys-apps/ethtool to version 6.11.

Upgraded app-arch/gzip to v1.14.

Upgraded net-dns/libidn2 to v2.3.8.

Upgraded sys-apps/grep to v3.12.

Upgraded sys-apps/diffutils to v3.11-r2.

Upgraded net-nds/rpcbind to v1.2.7.

Upgraded net-misc/rsync to v3.4.1.

Upgraded dev-libs/nss to v3.110.

Upgraded sys-libs/libseccomp to v2.6.0-r2.

Upgraded dev-libs/expat to v2.7.1.

Upgraded app-arch/unzip to v6.0_p29.

Upgraded sys-apps/acl to v2.3.2-r2.

Updated dev-python/s3transfer to v0.11.4.

Updated dev-python/botocore to v1.37.9.

Updated dev-python/python-dateutil to v2.9.0.

Upgraded sys-apps/which to v2.23.

Upgraded dev-libs/double-conversion to v3.3.1.

Upgraded net-misc/socat to v1.8.0.3.

Upgraded sys-apps/hwdata to v0.391.

Upgraded sysram to version 6.12-0.

Added support for NVIDIA driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.

Added support for NVIDIA driver version 570.172.08. This fixes CVE-2025-23279.

Upgraded net-misc/netplan to v1.1.2. This fixes CVE-2022-4968.

Fixed CVE-2024-6174 and CVE-2024-11584 in cloud-init.

Fixed CVE-2025-47273 in dev-python/setuptools.

Updated systemd to v254.26. This resolves CVE-2025-4598.

Updated apparmor to v3.1.6. This fixes CVE-2016-1585.

Updated NVIDIA GPU drivers to v535.247.01 for default/R535 and v570.133.20 for latest/R570. This resolves CVE-2025-23244.

Fixed CVE-2025-8058 in glibc.

Upgraded dev-libs/glib to 2.82.5. This resolves CVE-2024-52533.

Patched openssl to fix CVE-2023-50782 affecting dev-python/cryptography.

Updated dev-go/net in policy manager to v0.39.0. This fixes CVE-2025-22870.

Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.

Updated dev-go/oauth2 to v0.27.0. This fixes CVE-2025-22868.

Fixed CVE-2024-13176 in dev-libs/openssl.

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-9287 in dev-lang/python.

Fixed CVE-2025-0840 in binutils.

Upgraded sys-libs/binutils-libs to version 2.45. This fixes CVE-2025-8224, CVE-2025-8225, and CVE-2025-1153.

Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, and CVE-2025-46835.

Fixed CVE-2024-26130 in dev-python/cryptography.

Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.

Upgraded vim and vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, and CVE-2025-22134.

Upgraded libarchive to v3.8.1. This fixes CVE-2025-5914.

Upgraded elfutils to v0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.

Fixed CVE-2024-23337 in app-misc/jq.

Upgraded net-misc/curl to v8.12.1. This fixes CVE-2025-0167.

Fixed CVE-2025-46836 in sys-apps/net-tools.

Fixed CVE-2025-3198 in sys-libs/binutils-libs.

Fixed CVE-2025-32414 and CVE-2025-32415 in dev-libs/libxml2.

Fixed CVE-2025-32728 in net-misc/openssh.

Fixed CVE-2024-53427 in app-misc/jq.

Fixed CVE-2025-31498 in net-dns/c-ares.

Fixed CVE-2024-48615 in app-arch/libarchive.

Upgraded net-misc/wget to v1.25.0. This fixes CVE-2024-10524.

Upgraded dev-libs/libxml2 to v1.12.10. This fixes CVE-2025-27113.

Runtime sysctl changes:

  • Added: kernel.apparmor_restrict_unprivileged_unconfined: 0
  • Added: kernel.core_file_note_size_limit: 4194304
  • Added: kernel.core_sort_vma: 0
  • Added: net.ipv4.fib_multipath_hash_seed: 0
  • Added: net.ipv4.tcp_pingpong_thresh: 1
  • Added: net.ipv6.conf.all.ra_honor_pio_life: 0
  • Added: net.ipv6.conf.all.ra_honor_pio_pflag: 0
  • Added: net.ipv6.conf.all.regen_min_advance: 2
  • Added: net.ipv6.conf.default.ra_honor_pio_life: 0
  • Added: net.ipv6.conf.default.ra_honor_pio_pflag: 0
  • Added: net.ipv6.conf.default.regen_min_advance: 2
  • Added: net.ipv6.conf.docker0.ra_honor_pio_life: 0
  • Added: net.ipv6.conf.docker0.ra_honor_pio_pflag: 0
  • Added: net.ipv6.conf.docker0.regen_min_advance: 2
  • Added: net.ipv6.conf.eth0.ra_honor_pio_life: 0
  • Added: net.ipv6.conf.eth0.ra_honor_pio_pflag: 0
  • Added: net.ipv6.conf.eth0.regen_min_advance: 2
  • Added: net.ipv6.conf.lo.ra_honor_pio_life: 0
  • Added: net.ipv6.conf.lo.ra_honor_pio_pflag: 0
  • Added: net.ipv6.conf.lo.regen_min_advance: 2
  • Added: vm.enable_soft_offline: 1
  • Changed: fs.epoll.max_user_watches: 1809007 -> 1808517
  • Changed: fs.fanotify.max_user_marks: 67544 -> 68412
  • Changed: fs.file-max: 811774 -> 811484
  • Changed: fs.inotify.max_user_watches: 63425 -> 64189
  • Changed: kernel.threads-max: 63487 -> 63178
  • Changed: net.ipv4.tcp_mem: 94041 125391 188082 -> 94017 125357 188034
  • Changed: net.ipv4.udp_mem: 188085 250783 376170 -> 188034 250715 376068
  • Changed: user.max_cgroup_namespaces: 31743 -> 31589
  • Changed: user.max_fanotify_marks: 67544 -> 68412
  • Changed: user.max_inotify_watches: 63425 -> 64189
  • Changed: user.max_ipc_namespaces: 31743 -> 31589
  • Changed: user.max_mnt_namespaces: 31743 -> 31589
  • Changed: user.max_net_namespaces: 31743 -> 31589
  • Changed: user.max_pid_namespaces: 31743 -> 31589
  • Changed: user.max_time_namespaces: 31743 -> 31589
  • Changed: user.max_user_namespaces: 31743 -> 31589
  • Changed: user.max_uts_namespaces: 31743 -> 31589
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
  • Deleted: kernel.sched_child_runs_first: 0